ProcessUnity Evidence Evaluator flags discrepancies in a third-party’s controls

ProcessUnity introduced Evidence Evaluator, a generative AI that reduces the manual lift of assessing and validating third-party security controls.

A key component of ProcessUnity’s Third-Party Risk Management (TPRM) Platform, Evidence Evaluator automatically reviews third-party evidence and populates assessment responses complete with references to the specified evidence in the source documents.

For third-party risk teams overwhelmed by the hours spent reading security policies, SOC 2 reports, ISO 27001 certifications, and other evidentiary documentation, Evidence Evaluator delivers a more consistent, accurate, and faster alternative. The technology analyzes third-party evidence, generates responses to questionnaires with supporting rationale and page reference locations, and flags any discrepancies in a third-party’s controls.

Unlike other AI-based TPRM assessment tools on the market, Evidence Evaluator stands out because it prioritizes:

  • Accuracy – Built and trained on ProcessUnity’s expansive cybersecurity large language model that delivers highly relevant reasoning behind each contextual result to reduce assessor review cycles.
  • Privacy – Built and trained in-house, with strict data protections in place. All data is encrypted in transit and at rest, and user-provided inputs are discarded after processing.
  • Flexibility – Created as framework-agnostic, Evidence Evaluator recognizes the nuances in language between different standards, regulations, and custom assessments.
  • Adaptability – Continuously updated through automated retraining, the dataset and resulting platform evolve to keep up with changes in industry language and regulations.
  • Integration – Embedded directly into the ProcessUnity TPRM platform, Evidence Evaluator eliminates the need for separate AI tools or manual integrations.

“We invested heavily in developing this advanced GenAI model to deliver far more than a generic, open-source tool,” said Dan Tobin, Senior Director of Analytics at ProcessUnity. “Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments. And because it’s fully integrated into our platform, teams can realize these benefits immediately.”

Built to review the documents that define third-party risk posture

Trained using the world’s most comprehensive Third-Party Risk Management Large Language Model (LLM), Evidence Evaluator reads and understands virtually any document submitted as part of the vendor assessment process, accurately analyzing and interpreting the documents your team relies on to validate third-party controls. Examples include:

  • Statement of Controls Reports (SOC 1, SOC 2, etc.)
  • Certifications (ISO 27001, etc.)
  • Completed Questionnaires (SIG Core, SIG Lite, etc.)
  • Compliance Attestations (GDPR, CCPA, etc.)
  • Information Security Policies & Procedures
  • Business Continuity / Disaster Recovery Plans

Whether your third parties provide formal audit reports or internal policies, Evidence Evaluator extracts relevant insights and translates them into accurate, defensible responses, helping your team move from document review to decision faster than ever before.
